CVE-2019-3887

Description

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

References

Link	Tags
http://www.securityfocus.com/bid/107850	vdb entry third party advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE/	vendor advisory
https://usn.ubuntu.com/3980-1/	third party advisory vendor advisory
https://usn.ubuntu.com/3979-1/	third party advisory vendor advisory
https://usn.ubuntu.com/3980-2/	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2019:2703	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2019:2741	third party advisory vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3887	issue tracking third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2019-3887?: CVE-2019-3887 has been scored as a medium severity vulnerability.
How to fix CVE-2019-3887?: To fix CVE-2019-3887, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-3887 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2019-3887 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-3887?: CVE-2019-3887 affects The Linux Foundation Kernel.

Description

Category

CWE-863 – Incorrect Authorization

References

Frequently Asked Questions